2. Assess and resolve the incident
A dedicated Incident Response Team is set up to find the root cause and resolve the incident. Our team of experts in cyber security has deep technical expertise in various fields, and participates in the problem solving as needed, in addition to the experts of the product affected by the incident.
The security professionals on our Security Operations team handle day-to-day security operations including being subject matter experts in incident handling. The team also handles our security systems and frameworks, and provides training and guidance to our product teams in matters related to security.
Visma Group Legal including the local Data Protection Manager (DPM) is always part of the response team for privacy incidents, to ensure that risks are assessed and proper communication is done. Internal and external stakeholders are informed continuously through this process.
To ensure efficient and transparent communication, we set up dedicated chat rooms for the specific incident, involving only the personnel needed.
Mitigating actions are done as needed to ensure we fix the problem and prevent it from happening again. The actions and their timeline are documented in the Incident Report, in addition to the root cause analysis, details describing the incident, and the consequences for any data subjects involved.